From 25 May 2018, the Data Protection Act – which we currently abide by, and which gives fines of about £500,000 for data breaches – is going to be updated with the EU General Protection Regulation laws. This will affect every tech business or company that processes EU residents’ personally identifiable information.
These new regulations change the amount that you can be fined, to 4% of annual global turnover – that’s turnover, not profit – or €20m whichever is greater.
The big data security breaches of the last 10 years or so have been at the likes of Sony Playstation, Yahoo, eBay, Dropbox, Evernote, Lastfm, Apple, Target, British Airways, T Mobile, AT&T, Vodaphone, Gap, Carphone Warehouse, Tumblr, Twitter, Facebook, Citigroup, Hewlett Packard, TalkTalk… the list goes on and on. Now imagine that 4% of annual global turnover will be the fine for those kind of breaches as of 25 May 2018.
It’s a titan killer… I can’t imagine a company that it wouldn’t take down, or at least severely impinge on their ability to operate profitably.
That’s a titan killer. It doesn’t discriminate against industries, whether it’s technology, banking, healthcare, insurance, telecoms, retail. It’s every business involved in storing EU citizen’s personal data. I can’t imagine a company that it wouldn’t take down, or at least severely impinge on their ability to operate profitably.
We’re going to see a lot of seismic changes in the tech industry as companies suffer the fines, but also as tech companies change their business models to be able to weather that kind of fine. At the moment we get a lot of stuff free. But if you can imagine that you’ve got to protect against the potential of those kinds of fines, then business models are going to have to change.
As well as being a titan killer, it’s going to be a major barrier to enter the market for a lot of innovative startups. Four per cent of annual global turnover or €20m – who’s going to put that kind of money on the line to launch an app? It’s going to take a lot of guts and gumption to actually get started.
This year so far, we’ve had data breaches at LinkedIn, ADP the payroll giant, Seagate, Verizon – these are all big companies. But there are countless small companies who’ve had data breaches. The Identity Theft Resource Centre says that there have been 522 breaches already this year as of the middle of July in the US alone.
The other big problem that we’ve got is that we cannot fill the jobs that we have at the moment in cyber security. Currently, according to a report by Cisco, there’s an estimated one million openings that are unfilled globally. That number is expected to grow by half a million by 2019. The cyber security market is expected to grow from $75bn from 2015 to $170bn by 2020.
So we’ve got a massive skills gap globally in cyber security and that’s only going to grow and grow with the need to protect against these new regulation laws. The criminals get cleverer and faster and the fines are just getting heavier and heavier.
The positive is that for young people who are interested in technology, this is a really big opportunity. You’ll get snapped up out of university, and when you’re at the top of your field in cyber security, you can command a six-figure salary. And it’s something you can do from a computer at home, so it’s brilliant for women who would otherwise have a career break to start a family.
It could be an industry that allows us to keep punching above our weight when we are divorced from the EU. And we’re already geared up for it – we’re one of the world leaders in fintech development, which is already very cyber security conscious as you’re dealing with people’s money.
Britain will still be trading with people in the EU after Brexit. If you’ve got EU citizens on your database, wherever you are in the world, you come under these laws. Brexit or not, it’s still going to stuff you. So unless we’re truly going to become an island, sever all the cables, sever all the connections and make a UK-only internet, we’re going to have to abide by these laws. And that's going to mean massive, massive change.
Kate Russell’s new science fiction novel is Elite: Mostly Harmless.